4 Types of Mobile Monsters and What We Can Learn From Their Horror Stories

Table of contents

It has been a frightening year for anyone with a mobile device, with several high-profile vulnerabilities and attacks on both Android and iOS users. In July, the owners of 950 million Android devices learned that they were susceptible to that could be launched in several ways, including via a single text message. iOS has had its own scares with the Masque Attack and XcodeGhost resulting in riskware and malware being distributed via both legitimate and spoofed apps, in and outside the App Store. 

Looking at all the mobile security flaws that have recently come to light, the total number of users affected numbers well over a billion in 2015 alone. But these numbers are just the tip of the iceberg in terms of users affected by mobile security issues this year. What is scarier are the hundreds of additional vulnerabilities that come and go behind the scenes. They are just as critical, if not more so, despite never being given a name.

Related: 

Fortunately, we can learn some lessons from the security problems that have been made public and apply them to protect against other unknown and unnamed vulnerabilities.

1. Stagefright

Stagefright has become the common name for the numerous vulnerabilities that continue to be found in the default media playback framework on Android devices, making it the gift that keeps giving for vulnerability researchers. In October alone, the monthly Android patch cycle covered 15 more remote code executable vulnerabilities labeled as critical and related directly to Stagefright.

This particular bug will have a lasting impact as Android devices continue to be several months, if not years, away from getting critically needed patches for these types of vulnerabilities. Looking forward, we should address the core of the problem, which is the use of largely unaudited code libraries. Not carefully inspecting these libraries and continuing to use them in mobile devices and applications will result in these types of vulnerabilities living on.

2. iOS XcodeGhost

The XcodeGhost malware is noteworthy in that it did not stem from Apple’s iOS but from the tools used to build iOS apps. iOS developers were unwittingly using a malicious version of the Xcode development tool and baking potentially malicious code into their apps. The result was weaponized apps that collected sensitive information from user devices.

Since its discovery, Apple has been working to remove the infected apps from the App Store, but that doesn’t mean the trouble has ended. This type of exploit can happen again, as XCodeGhost has made malicious actors realize attacking at the developer level is an effective approach. For their part, developers must ensure their tools come from trusted sources — or else place users’ data at risk.

Related: 

3. Certifi-gate

Certifi-gate is a vulnerability affecting Android apps that has been used in the wild. It allows applications to gain illegitimate privileged access through mobile Remote Support Tool (mRST) apps’ security certificates. These tools — , , and to name a few — are often pre-installed and usually have privileged access to functionality on Android devices from popular manufacturers. An exploit that takes advantage of this flaw would gain control of the device by impersonating the apps, leaving users completely vulnerable.

This attack is a perfect example of why manufacturers should be more careful when granting privileged app functions to third parties, and why mobile developers need to become more security-savvy to catch these problems earlier in the development cycle.

4. Masque attack 

Among the 400 GB of information leaked as a result of the Hacking Team breach, FireEye discovered a new iteration of the Masque Attack. It involved reverse engineering and repackaging legitimate apps like Facebook, Twitter and WhatsApp to steal users’ sensitive information and upload it to a remote server. 

Eleven Masque Attack applications were found, any of which could replace legitimate apps on a victim’s device when they were downloaded. It’s important to note that this attack was made possible by spoofing legitimate apps, which could have been prevented if even the most basic anti-tampering controls were in place to prevent attackers from infiltrating and reverse engineering the apps’ source code.

In all of the above cases, as well as more recent Android and iOS malware discoveries we’re still learning about such as YiSpecter, KeyRaider and Ghost Push, there is a common underlying thread — a lack of sufficient device and OS security. Even if patches are made available and publicized, there’s no guarantee that your particular device will receive one due to the device manufacturers and mobile carriers use to push patches out. For instance, the second bundle of Stagefright patches is only currently available for certain Android models like the Nexus brand from Google, despite the need for all Android devices to be protected.

Ultimately, due to the OS’s inherent vulnerabilities and the breakneck pace of new exploits, we — consumers, enterprises and developers alike — can no longer trust default device security measures and must turn our attention further into the mobile stack. Safeguards need to be applied closer to the data, at the app level, to improve mobile security to the extent that the OS provider, device manufacturers and carriers aren’t addressing. Doing so will go a long way toward ensuring we don’t see nearly as many mobile horror stories next year.

Related: 

Calculate the price
Make an order in advance and get the best price
Pages (550 words)
$0.00
*Price with a welcome 15% discount applied.
Pro tip: If you want to save more money and pay the lowest price, you need to set a more extended deadline.
We know how difficult it is to be a student these days. That's why our prices are one of the most affordable on the market, and there are no hidden fees.

Instead, we offer bonuses, discounts, and free services to make your experience outstanding.
How it works
Receive a 100% original paper that will pass Turnitin from a top essay writing service
step 1
Upload your instructions
Fill out the order form and provide paper details. You can even attach screenshots or add additional instructions later. If something is not clear or missing, the writer will contact you for clarification.
Pro service tips
How to get the most out of your experience with MyStudyWriters
One writer throughout the entire course
If you like the writer, you can hire them again. Just copy & paste their ID on the order form ("Preferred Writer's ID" field). This way, your vocabulary will be uniform, and the writer will be aware of your needs.
The same paper from different writers
You can order essay or any other work from two different writers to choose the best one or give another version to a friend. This can be done through the add-on "Same paper from another writer."
Copy of sources used by the writer
Our college essay writers work with ScienceDirect and other databases. They can send you articles or materials used in PDF or through screenshots. Just tick the "Copy of sources" field on the order form.
Testimonials
See why 20k+ students have chosen us as their sole writing assistance provider
Check out the latest reviews and opinions submitted by real customers worldwide and make an informed decision.
Business and administrative studies
excellent job
Customer 452773, March 12th, 2023
English 101
IThank you
Customer 452631, April 6th, 2021
Human Resources Management (HRM)
excellent
Customer 452773, July 11th, 2023
Business and administrative studies
Excellent job
Customer 452773, March 17th, 2023
History
Looks great and appreciate the help.
Customer 452675, April 26th, 2021
Leadership Studies
awesome work as always
Customer 452773, August 19th, 2023
business
Thank you for your hard work and help.
Customer 452773, February 13th, 2023
Leadership Studies
excellent job
Customer 452773, August 3rd, 2023
Humanities
Thank youuuu
Customer 452729, May 30th, 2021
Management
Thank you!!! I received my order in record timing.
Customer 452551, February 9th, 2021
Management
Love this writer!!! Great work
Customer 452597, April 5th, 2021
Nursing
thank you so much
Customer 452749, June 10th, 2021
11,595
Customer reviews in total
96%
Current satisfaction rate
3 pages
Average paper length
37%
Customers referred by a friend
OUR GIFT TO YOU
15% OFF your first order
Use a coupon FIRST15 and enjoy expert help with any task at the most affordable price.
Claim my 15% OFF Order in Chat
Close

Sometimes it is hard to do all the work on your own

Let us help you get a good grade on your paper. Get professional help and free up your time for more important courses. Let us handle your;

  • Dissertations and Thesis
  • Essays
  • All Assignments

  • Research papers
  • Terms Papers
  • Online Classes
Live ChatWhatsApp